author | Pablo Neira Ayuso <pablo@netfilter.org> | 2011-02-18 12:15:52 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2011-02-18 12:15:52 +0100 |
commit | 4dd7a3c15830aa21548716798171e67cb14bca49 (patch) | |
tree | 0b347c499aa2adcf7367061d09cf0e70399a4464 /src | |
parent | 3bb13acbff0983960e06eb33e0daa98c3dab472c (diff) | |
conntrackd: remove use of deprecated nfct_maxsize()
This patch removes the use of nfct_maxsize() and several abusive
stack-based allocations.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src')
-rw-r--r-- | src/netlink.c | 17 | ||||
-rw-r--r-- | src/sync-mode.c | 10 |
2 files changed, 16 insertions, 11 deletions
diff --git a/src/netlink.c b/src/netlink.c
index 1810f4a..60274f3 100644
--- a/src/netlink.c
+++ b/src/netlink.c
@@ -164,20 +164,21 @@ int nl_send_resync(struct nfct_handle *h)
 /* if the handle has no callback, check for existence, otherwise, update */
 int nl_get_conntrack(struct nfct_handle *h, const struct nf_conntrack *ct)
 {
- int ret;
- char __tmp[nfct_maxsize()];
- struct nf_conntrack *tmp = (struct nf_conntrack *) (void *)__tmp;
+ int ret = 1;
+ struct nf_conntrack *tmp;
- memset(__tmp, 0, sizeof(__tmp));
+ tmp = nfct_new();
+ if (tmp == NULL)
+ return -1;
 /* use the original tuple to check if it is there */
 nfct_copy(tmp, ct, NFCT_CP_ORIG);
- ret = nfct_query(h, NFCT_Q_GET, tmp);
- if (ret == -1)
- return errno == ENOENT ? 0 : -1;
+ if (nfct_query(h, NFCT_Q_GET, tmp) == -1)
+ ret = (errno == ENOENT) ? 0 : -1;
- return 1;
+ nfct_destroy(tmp);
+ return ret;
 }
 int nl_create_conntrack(struct nfct_handle *h,
diff --git a/src/sync-mode.c b/src/sync-mode.c
index 4b48449..5351110 100644
--- a/src/sync-mode.c
+++ b/src/sync-mode.c
@@ -43,8 +43,7 @@ static void
 do_channel_handler_step(int i, struct nethdr *net, size_t remain)
 {
- char __ct[nfct_maxsize()];
- struct nf_conntrack *ct = (struct nf_conntrack *)(void*) __ct;
+ struct nf_conntrack *ct;
 if (net->version != CONNTRACKD_PROTOCOL_VERSION) {
 STATE_SYNC(error).msg_rcv_malformed++;
@@ -74,11 +73,15 @@ do_channel_handler_step(int i, struct nethdr *net, size_t remain)
 STATE_SYNC(error).msg_rcv_bad_type++;
 return;
 }
- memset(ct, 0, sizeof(__ct));
+ /* TODO: add stats on ENOMEM errors in the future. */
+ ct = nfct_new();
+ if (ct == NULL)
+ return;
 if (parse_payload(ct, net, remain) == -1) {
 STATE_SYNC(error).msg_rcv_malformed++;
 STATE_SYNC(error).msg_rcv_bad_payload++;
+ nfct_destroy(ct);
 return;
 }
@@ -97,6 +100,7 @@ do_channel_handler_step(int i, struct nethdr *net, size_t remain)
 STATE_SYNC(error).msg_rcv_bad_type++;
 break;
 }
+ nfct_destroy(ct);
 }
 static char __net[65536]; /* XXX: maximum MTU for IPv4 */
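Review bot: In nl_get_conntrack, `nfct_destroy(tmp)` now runs between the failed `nfct_query()` and the `return ret`, so a caller that inspects errno after a -1 result may find it overwritten by the free inside the destroy (the C standard does not guarantee that free() preserves errno). If any caller depends on errno — I cannot see them from this hunk — save it around the destroy: `int saved_errno = errno; nfct_destroy(tmp); errno = saved_errno;`. The header comment above the function should also spell out the now three-valued result, since allocation failure is folded into it, e.g. `/* returns 1 if the entry exists, 0 if it does not (ENOENT), -1 on query or nfct_new() failure */`.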
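Review bot: The `nfct_destroy(ct)` added after the switch in the last hunk of sync-mode.c assumes that the handlers invoked in the case arms of do_channel_handler_step — which lie between the second and third hunks, outside what is shown — copy the conntrack rather than retain the pointer, and that none of them returns early. With ct now heap-allocated, a retained pointer would become a use-after-free and an early return a per-message leak, neither of which the old stack buffer could produce; this is worth confirming against the external cache code before merging. Documenting the ownership at the allocation site would make the contract explicit: `/* ct is owned by this function; the handlers below must copy it, not keep it */`. The function's body also starts in the first hunk of this file, so the early `return` paths before `nfct_new()` are fine as written, but any future return added between the allocation and the final destroy needs the same `nfct_destroy(ct)` as the parse_payload failure path.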